security/wazuh-manager: Fix error when running with legacy algorithms

Traceback (most recent call last):
  File "/var/ossec/framework/scripts/cluster_control.py", line 16, in <module>
    import wazuh.core.cluster.cluster
  File "/var/ossec/framework/python/lib/python3.11/site-packages/wazuh/core/cluster/cluster.py", line 22, in <module>
    from wazuh.core.cluster.utils import (
  File "/var/ossec/framework/python/lib/python3.11/site-packages/wazuh/core/cluster/utils.py", line 21, in <module>
    from wazuh.core.configuration import get_ossec_conf
  File "/var/ossec/framework/python/lib/python3.11/site-packages/wazuh/core/configuration.py", line 23, in <module>
    from wazuh.core.utils import cut_array, load_wazuh_xml, safe_move
  File "/var/ossec/framework/python/lib/python3.11/site-packages/wazuh/core/utils.py", line 32, in <module>
    from api import configuration
  File "/var/ossec/framework/python/lib/python3.11/site-packages/api/configuration.py", line 13, in <module>
    from cryptography import x509
  File "/var/ossec/framework/python/lib/python3.11/site-packages/cryptography/x509/__init__.py", line 7, in <module>
    from cryptography.x509 import certificate_transparency, verification
  File "/var/ossec/framework/python/lib/python3.11/site-packages/cryptography/x509/certificate_transparency.py", line 8, in <module>
    from cryptography.hazmat.bindings._rust import x509 as rust_x509
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration.

Approved by:    acm@

3 files changed, 30 insertions, 1 deletions

diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index f1e268b16d35..1228d1c1cd22 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
@@ -1,7 +1,7 @@
 PORTNAME=	wazuh
 DISTVERSIONPREFIX=	v
 DISTVERSION=	4.14.1
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \
 		LOCAL/acm/${PORTNAME}/:wazuh_cache
diff --git a/security/wazuh-manager/files/patch-api_wrappers_generic__wrapper.sh b/security/wazuh-manager/files/patch-api_wrappers_generic__wrapper.sh
new file mode 100644
index 000000000000..1a200290d1ef
--- /dev/null
+++ b/security/wazuh-manager/files/patch-api_wrappers_generic__wrapper.sh
@@ -0,0 +1,18 @@
+--- api/wrappers/generic_wrapper.sh.orig	2026-01-07 12:49:39.640154000 -0400
++++ api/wrappers/generic_wrapper.sh	2026-01-07 12:52:17.155158000 -0400
+@@ -3,6 +3,8 @@
+ # Created by Wazuh, Inc. <info@wazuh.com>.
+ # This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
+ 
++CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1; export CRYPTOGRAPHY_OPENSSL_NO_LEGACY
++
+ WPYTHON_BIN="framework/python/bin/python3"
+ 
+ SCRIPT_PATH_NAME="$0"
+@@ -35,4 +37,4 @@
+ esac
+ 
+ 
+-${WAZUH_PATH}/${WPYTHON_BIN} ${PYTHON_SCRIPT} $@
+\ No newline at end of file
++${WAZUH_PATH}/${WPYTHON_BIN} ${PYTHON_SCRIPT} $@
diff --git a/security/wazuh-manager/files/patch-framework_wrappers_generic__wrapper.sh b/security/wazuh-manager/files/patch-framework_wrappers_generic__wrapper.sh
new file mode 100644
index 000000000000..bce13727fb03
--- /dev/null
+++ b/security/wazuh-manager/files/patch-framework_wrappers_generic__wrapper.sh
@@ -0,0 +1,11 @@
+--- framework/wrappers/generic_wrapper.sh.orig	2026-01-07 12:49:52.861330000 -0400
++++ framework/wrappers/generic_wrapper.sh	2026-01-07 12:52:35.979138000 -0400
+@@ -3,6 +3,8 @@
+ # Created by Wazuh, Inc. <info@wazuh.com>.
+ # This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+ 
++CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1; export CRYPTOGRAPHY_OPENSSL_NO_LEGACY
++
+ WPYTHON_BIN="framework/python/bin/python3"
+ 
+ SCRIPT_PATH_NAME="$0"